Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[NFX] Route not listed in route forwarding-table of IPSec-NM

0

0

Article ID: KB33626 KB Last Updated: 16 Aug 2019Version: 2.0
Summary:

After adding route configuration to IPSec Network Manager (IPSec-NM), users may find that a route is missing in the forwarding table or that the forwarding-table is empty or that the forwarding table itself is missing.

This article indicates what must be done to troubleshoot the issue.

Symptoms:

The following symptoms are observed:

  • Unable to pass traffic via IPSec-NM

  • Unable to establish VPN via IPSec-NM

  • srxpfe daemon is not running on IPSec-NM

  • Deactivate IPSec-NM, then activate IPSec-NM did not help

Cause:

The route forwarding-table can be missing or empty due to srxpfe or monit process daemon not running.

Solution:

Check to verify that if srxpfe or monit process daemon is running. You can check this by running the following command in the ipsec-nm shell:

ps aux | grep srxpfe

The following is an example of ipsec-nm where srxpfe is running:

root@ipsec-nm%ps aux | grep srxpfe
root        94 15.2  0.9 2262256 147124 ?      Sl   Apr23 237:14 /usr/sbin/srxpfe -a -d
root      6692  0.0  0.0   4400   396 pts/0    S+   00:23   0:00 grep srxpfe
root@ipsec-nm%

Unfortunately, if you run into this situation where the srxpfe process is NOT running on the IPSec-NM, the only resolution is to reboot the NFX device again.

NoteIf you deactivate/activate IPSec-NM from the Juniper Device Manager (JDM), you will see a core dump on IPSec-NM, and the srxpfe daemon will not start.  You will have to reboot the entire NFX.  This is a known product limitation.

Modification History:
2019-08-02: added deactivate / activate note to solution section
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search